secdev
Report the interface ID used to capture pcapng files
- On pcapng files, you can have several capture interfaces. We report this information to be able to use it on another classes I don't think adding a unit test for this is worth it, since We just report a field to the upper layer that is already parsed.
Note: It's my first contribution to scapy. Let me know if I missed something :-)
Checklist:
- [x] If you are new to Scapy: I have checked CONTRIBUTING.md (esp. section submitting-pull-requests)
- [x] I squashed commits belonging together
- [x] I added unit tests or explained why they are not relevant
- [x] I executed the regression tests (using
cd test && ./run_testsortox) - [x] If the PR is still not finished, please create a Draft Pull Request
fixes #4731
Hi, thanks for the PR. I don't really understand where you're getting those IDs from. Packets already have the interface they're sniffed on as parameter, isn't that enough? Thanks
Hi @gpotter2,
we'd like to use the interface ID of the pcapng in a wireshark-way
In the python code, it would be like this:
sniff(prn=self._scapy_callback, ....
def _scapy_callback(self, packet):
eth_message.interface_id = packet.intid
In pcapng, interface name is parsed from Interface Description Block (method: _read_block_idb)
Then, parsing the packets of the pcapng, The Interface ID value refers to a particular Interface Description Block by referencing its implicit zero-indexed IDB position in the current section. I.e. the first IDB defined in a section has Interface ID 0x00000000, the second one has 0x00000001, and so on.
we didn't find a way to get this information from a Packet instance. Maybe I'm wrong and this patch is useless. In this case, could you explain me how to do this?
Thanks in advance
Codecov Report
Attention: Patch coverage is 36.36364% with 7 lines in your changes missing coverage. Please review.
Project coverage is 49.31%. Comparing base (
0648c0d) to head (ad116e9).
| Files with missing lines | Patch % | Lines |
|---|---|---|
| scapy/utils.py | 0.00% | 5 Missing :warning: |
| scapy/packet.py | 66.66% | 2 Missing :warning: |
:exclamation: There is a different number of reports uploaded between BASE (0648c0d) and HEAD (ad116e9). Click for more details.
HEAD has 10 uploads less than BASE
Flag BASE (0648c0d) HEAD (ad116e9) 12 2
Additional details and impacted files
@@ Coverage Diff @@
## master #4729 +/- ##
===========================================
- Coverage 82.20% 49.31% -32.89%
===========================================
Files 361 343 -18
Lines 87195 86931 -264
===========================================
- Hits 71679 42873 -28806
- Misses 15516 44058 +28542
| Files with missing lines | Coverage Δ | |
|---|---|---|
| scapy/packet.py | 50.97% <66.66%> (-33.52%) |
:arrow_down: |
| scapy/utils.py | 25.61% <0.00%> (-48.83%) |
:arrow_down: |
:rocket: New features to boost your workflow:
- :snowflake: Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
![codecov[bot] avatar](https://avatars.githubusercontent.com/in/254?v=4 "Published by a pub.dev verified publisher"){kind=small}
HI @gpotter2 , sorry for the delay. I need to do a deeper analysis of my team's need and I'll come back on this pull request. Thanks
The interface ID is purely internal to a PCAPng file. It is only meant to avoid duplicating data.
Unless you can give us a use case, I agree with @gpotter2: the interface ID should not be exposed to the Packet class.
Hi all, thanks for your feedback, indeed it's cleaner to rely on the interface name instead of interface ID that is virtually computed. Let's close this PR.